It's sad to see that even after all these years, we still have to write articles like this one. It's all over the web right now: a new backdoor Mac OS X trojan discovered! Code execution! Indicative of rise in Mac malware! Until, of course, you actually take a look at what's going on, and see that not only is it not in the wild, it can't really do anything because it's a beta.

"Not quite right. They need some access to local files. However, it could be much more limited than it is right now."

I didn't bother mentioning it, but I was thinking apps could immediately access files in their own repository. Like flash or java web start do now.

I think the JWS model is a bit more powerful than flash since JWS apps are explicitly installed and can run offline. On windows (never tried it on linux) JWS apps would install into the start menu and look and feel just like native apps.

It's disappointing that JWS never took off, but it'd be the perfect mechanism for installing apps on mobile devices.

"Take a word processor or an image editor, as an example. It should have the right to play with its own config files and files explicitly designated by the user through an 'open file' dialog or a command line parameter. But anything else ? Not so much."

Yes, the scope for damage would be very limited.

Ultimately, no matter what you or I come up with as the ideal app security/distribution model, the fact is the corporate decision makers prefer solutions which give them control over end users.